CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

1045 matches found

NVD•added 2022/07/26 10:15 p.m.•18 views

CVE-2022-1492

Insufficient data validation in Blink Editing in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to inject arbitrary scripts or HTML via a crafted HTML page...

6.1CVSS0.00229EPSS

Exploits1References3

NVD•added 2022/07/14 3:15 p.m.•11 views

CVE-2022-32225

A reflected DOM-Based XSS vulnerability has been discovered in the Help directory of Veeam Management Pack for Microsoft System Center 8.0. This vulnerability could be exploited by an attacker by convincing a legitimate user to visit a crafted URL on a Veeam Management Pack for Microsoft System...

6.1CVSS0.00648EPSS

Exploits0References1

Veeam•added 2022/07/12 12:0 a.m.•19 views

XSS Vulnerability in Veeam Management Pack for Microsoft System Center v8

Vulnerability Details A reflected DOM-Based XSS vulnerability has been discovered in the Help directory of Veeam Management Pack for Microsoft System Center 8.0. This vulnerability could be exploited by an attacker by convincing a legitimate user to visit a crafted URL on a Veeam Management Pack...

6.1CVSS6AI score0.00648EPSS

Exploits0Affected Software1

OSV•added 2022/07/05 6:15 p.m.•1 views

CVE-2022-33075

A stored cross-site scripting XSS vulnerability in the Add Classification function of Zoo Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via unspecified vectors...

5.4CVSS6.2AI score0.00187EPSS

Exploits2References3

OSV•added 2022/07/04 7:15 a.m.•1 views

CVE-2022-29513

Cross-site scripting vulnerability in Scheduler of Cybozu Garoon 4.10.0 to 5.5.1 allows a remote authenticated attacker with an administrative privilege to execute an arbitrary script...

4.8CVSS6.2AI score0.00175EPSS

Exploits0References2

Prion•added 2022/07/04 7:15 a.m.•13 views

Cross site scripting

Cross-site scripting vulnerability in Organization's Information of Cybozu Garoon 4.10.2 to 5.5.1 allows a remote attacker to execute an arbitrary script on the logged-in user's web browser...

4.3CVSS6.5AI score0.00332EPSS

Exploits0References2Affected Software1

CNVD•added 2022/06/20 12:0 a.m.•15 views

Cisco Catalyst 2940 Series Cross-Site Scripting Vulnerability

Cisco Catalyst is a series of switches from Cisco, Inc. A cross-site scripting vulnerability exists in the Cisco Catalyst 2940 Series, which stems from a failure to properly process user input and generate an error page that could be exploited by an attacker to execute arbitrary scripts on the we...

6.1CVSS2.6AI score0.00779EPSS

Exploits0References1

OSV•added 2022/06/13 1:15 p.m.•2 views

CVE-2022-1822

The Zephyr Project Manager plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘project’ parameter in versions up to, and including, 3.2.40 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary...

6.1CVSS5.9AI score0.02212EPSS

Exploits0References4

CNNVD•added 2022/05/19 12:0 a.m.•2 views

SPIP 跨站脚本漏洞

SPIP is a web-based content publishing system. A cross-site scripting vulnerability exists in SPIP version 3.1.13 and prior versions, which originates in /spip.php. The vulnerability stems from the program's lack of data validation filtering of user-supplied data and output. An attacker could use...

6.1CVSS5.6AI score0.02459EPSS

Exploits1References7

OSV•added 2022/05/03 8:15 p.m.•1 views

CVE-2022-27330

A cross-site scripting XSS vulnerability in /public/admin/index.php?addproduct of E-Commerce Website v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Product Title text field...

5.4CVSS5.9AI score0.00206EPSS

Exploits1References1

OSV•added 2022/05/02 11:15 p.m.•0 views

CVE-2020-23617

A cross site scripting XSS vulnerability in the error page of Totolink N200RE and N100RE Routers 2.0 allows attackers to execute arbitrary web scripts or HTML via SCRIPT element...

6.1CVSS6.1AI score

Exploits0References2

Veracode•added 2022/04/29 6:44 a.m.•22 views

Cross-Site Scripting (XSS)

shopware/shopware is vulnerable to non-stored cross-site scripting. The vulnerability exists in storefront because the input parameters are not properly filtered which allows an attacker to inject and execute arbitrary scripts via url...

6.1CVSS5.8AI score0.00397EPSS

Exploits0References6Affected Software1

Veracode•added 2022/04/26 4:35 a.m.•22 views

Cross-Site Scripting (XSS)

facturascripts/facturascripts is vulnerable to stored cross-site scripting. The vulnerability exists in EditPageOption.php due to improper sanitization which allows an attacker to inject and execute arbitrary scripts...

5.4CVSS3AI score0.00374EPSS

Exploits1References5Affected Software1

Veracode•added 2022/04/22 7:49 a.m.•24 views

Cross-site Scripting (XSS)

antisamy is vulnerable to cross-site scripting. The vulnerability exists in the processStyleTag function in AntiSamyDOMScanner.java due to lack of input sanitization which allows an attacker to inject and execute arbitrary scripts...

6.1CVSS3.3AI score0.00243EPSS

Exploits0References4Affected Software1

ATTACKERKB•added 2022/04/10 9:15 p.m.•0 views

CVE-2022-27961

A cross-site scripting XSS vulnerability at /ofcms/company-c-47 in OFCMS v1.1.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Comment text box...

5.4CVSS6.3AI score0.00191EPSS

Exploits1References2

CNNVD•added 2022/03/30 12:0 a.m.•1 views

Zero-channel BBS Plus 跨站脚本漏洞

Zero-channel BBS Plus is a bulletin board CGI script by the individual developer of Zero-Channel BBS Plus Developers. Zero-channel BBS Plus suffers from a cross-site scripting vulnerability that stems from insufficient cleaning of user-supplied data. A remote attacker could use this vulnerability...

6.1CVSS6.2AI score0.00302EPSS

Exploits0References5

Veracode•added 2022/03/29 8:39 a.m.•18 views

Cross-Site Scripting (XSS)

nilsteampassnet/teampass is vulnerable to reflected cross-site scripting. The vulnerability exists in index.php due to improper sanitization which allows an attacker to inject and execute arbitrary scripts...

6.1CVSS2.9AI score0.00628EPSS

Exploits1References5Affected Software1

NVD•added 2022/03/24 10:15 p.m.•14 views

CVE-2022-25575

Multiple cross-site scripting XSS vulnerabilities in Parking Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via crafted payloads injected into the user name, password, and verification code text boxes...

6.1CVSS0.0024EPSS

Exploits1References1

CNVD•added 2022/03/07 12:0 a.m.•15 views

MarkText Cross-Site Scripting Vulnerability

MarkText is a simple and elegant Markdown editor with a focus on speed and usability.A cross-site scripting vulnerability exists in versions of MarkText prior to 0.17.0, which stems from improper handling of links using javascript:scheme in documents. A remote attacker could exploit this...

3.5CVSS3.4AI score0.00195EPSS

Exploits0Affected Software1

ATTACKERKB•added 2022/02/15 4:15 p.m.•3 views

CVE-2022-24590

A stored cross-site scripting XSS vulnerability in the Add Link function of BackdropCMS v1.21.1 allows attackers to execute arbitrary web scripts or HTML...

5.4CVSS6.2AI score0.00206EPSS

Exploits1References3

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by